- Improvements to the new versions include new controls on threat intelligence, information security when using cloud services, web filtering and secure coding.
- The 93 controls defined in the new edition of UNE-EN ISO/IEC 27002:2023 reflect a more integrated and holistic view of information security.
- For organizations, implementing these standards is of great help in their digital transformation process, providing a secure and efficient framework for managing information and protecting privacy.
Madrid, 17 May 2023 - The Spanish Association for Standardization, UNE, has published the new versions of the UNE-ISO/IEC 27001:2023 and UNE-EN ISO/IEC 27002:2023 standards to promote cybersecurity and digitization. The announcement was made by the Spanish standardization body on the occasion of World Internet Day; these standards will be available on the UNE website from tomorrow, 18 May.
UNE-ISO/IEC 27001:2023 "Information security, cybersecurity and privacy protection. Information security management systems. Requirements" and UNE-EN ISO/IEC 27002:2023 "Information security, cybersecurity and privacy protection. Control of information security. (ISO/IEC 27002: 2022)" reinforce the standard framework for establishing, implementing, maintaining and improving an Information Security Management System (ISMS) that can be fully integrated with other international management systems, such as ISO/IEC 9001 (quality), ISO/IEC 14001 (environment) or ISO/IEC 22301 (business continuity).
The new versions of the UNE-ISO/IEC 27001:2023 and UNE-EN ISO/IEC 27002:2023 standards introduce important updates to keep up with the rapid and evolving changes in cybersecurity and privacy protection. These updates incorporate new controls and simplify management by merging existing ones.
The recently added controls include those involving threat intelligence, cloud services, web filtering and secure coding. These changes reflect the growing complexity and sophistication of threats to information security in digital environments.
In terms of simplification, one example is the "Inventory of information and other assets" control, which now combines the previous controls on asset inventory and ownership. This consolidation aims to make information security management more efficient.
The 93 controls defined in the new edition of the UNE-EN ISO/IEC 27002:2023 standard are now organized into four clauses: Organization Controls (37), Personnel Controls (8), Physical Controls (14) and Technological Controls (34). This structure reflects a more integrated and holistic view of information security.
In addition, the standard places special emphasis on managing suppliers. Recognizing the risks inherent in the supply chain, the standard proposes more comprehensive oversight of this area to identify and address possible security gaps.
The new versions of these standards are also a crucial step in adapting to the current context of information security, facilitating integration with the National Security Scheme and simplifying their practical application.
For organizations, implementing these standards is of great help in their digitization process, providing a secure and efficient framework for managing information and protecting privacy.